Add field "Return" to paypal form

return  -  An internet URL where your customer will be returned after completing 
payment

Currently users are getting a 404 on completion

Source https://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/howto_checkout-outside

"Tried to upload my own Avator image .jpg and got this error.

Error!
PHP display_errors is turned on, this is the full error message;

Message: Could not move uploaded file.
Code: 0
Line: 57
File: /var/www/tydus.net/westlan/src/htdocs/avatar.php
Stacktrace: 
ID  File    Line    Class   function call
3   /var/www/tydus.net/westlan/src/htdocs/avatar.php    30  FormAvatar  moveFileToTemp(
)
2   /usr/share/php/jwrCommonsPhp/Form.php   295 FormAvatar  validateExtended()
1   /var/www/tydus.net/westlan/src/htdocs/avatar.php    78  Form    validate()
Trigger: Exception -> Exception
"

Allow staff members to hold payments

Looking at 
http://tydus.net/westlan/src/htdocs/adminEvents.php?action=signupStats for my 
user (neon) it shows that against the event "FoodFight" I have the status 
"CHEQUE_IN_POST". 

However, when I click on that event and goto: 
http://tydus.net/westlan/src/htdocs/viewEvent.php?id=14
The status for me, is "SIGNEDUP" and the last user in the list (which is not 
me) has the status: "CHEQUE_IN_POST" instead. Might it be listing my status 
incorrectly on the signupStats page?

Describe the request (feature request, change request, etc):

when adding more tickets to the basket it will allow me to add more tickets 
than there is seats in the hall, might be an idea to:
1. if buying more than 2/3 tickets warn user how many they are about to pay for
2. limit the maximum tickets for sale to the amount of seats available 

URL: http://tydus.net/westlan/src/htdocs/news.php

Describe the problem:

clicked news and errored

Did you get an error message?

PHP display_errors is turned on, this is the full error message;
Message: Undefined variable: action
Code: PHP Notice
Line: 9
File: /var/www/tydus.net/westlan/src/htdocs/news.php
Trigger: PHP Triggered Error

css outlinling on tab

URL: http://tydus.net/westlan/src/htdocs/basket.php

Describe the problem:
After "paying" for tickets basket doesn't reset...

Did you get an error message?

This is a testing ticket

URL: http://tydus.net/westlan/src/htdocs/profile.php

Describe the problem:

In the "Usergroups" section of the profile page (when logged in as staff) shows 
an error message (which can be seen below) in the "Membership Type" column.

Did you get an error message?

Error!

PHP display_errors is turned on, this is the full error message;
Message: Undefined index: type
Code: PHP Notice
Line: 32
File: /tmp/lps/%%75^754^754ABBA2%%profileUsergroups.tpl.php
Trigger: PHP Triggered Error

URL: /logon.php

Describe the problem:

After logon, the anonymous / unauthenticated users session ID becomes 
authenticated. To prevent a session fixation attack, a new session ID should be 
issued upon logon.

POST /login.php HTTP/1.1
User-Agent: Opera/9.80 (Windows NT 6.1; WOW64; U; en) Presto/2.10.289 
Version/12.01
Host: www.westlan.co.uk
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, 
image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en-GB,en;q=0.9
Accept-Encoding: gzip, deflate
Referer: http://www.westlan.co.uk/login.php
Cookie: lpsUser=92bc76468966543f1e781a3c312fdb17; 
__utma=101417735.1380278272.1334658453.1337182936.1345104833.17; 
__utmb=101417735.2.10.1345104833; __utmc=101417735; 
__utmz=101417735.1334658453.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: Keep-Alive
Content-Length: 321

Content-Type: multipart/form-data; boundary=----------0LMzcOwD7HUVfMNin9yeSd


------------0LMzcOwD7HUVfMNin9yeSd
Content-Disposition: form-data; name="username"

wishy
------------0LMzcOwD7HUVfMNin9yeSd
Content-Disposition: form-data; name="password"

isasecret

------------0LMzcOwD7HUVfMNin9yeSd
Content-Disposition: form-data; name="submit"

login
------------0LMzcOwD7HUVfMNin9yeSd--
HTTP/1.1 200 OK
Date: Thu, 16 Aug 2012 08:13:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html


Steve

There is no interface at the moment allowing punters to choose their own seats. 

Ask for old password before the user can change to a new password.

http://www.westlan.co.uk/viewEvent.php

Please could you add total money taken for each staff member. This makes 
settling accounts much easier

Custom ticket prices (example, for newbies). 

The signup stats do not correctly group properly. 

http://tydus.net/westlan/src/htdocs/adminEvents.php?action=signupStats

URL: http://tydus.net/westlan/src/htdocs/signup.php

Describe the problem:

filled in special requirement after attempting to sign up for lan with "testing 
goodness 12345678910111213141516817181920212223" filled in

Did you get an error message?
Error!

PHP display_errors is turned on, this is the full error message;
Message: 
Code: 0
Line: 17
File: /var/www/tydus.net/westlan/src/htdocs/signup.php
Stacktrace: Empty
Trigger: Exception -> PermissionsException

Punters being able to add their own photos

- and video links
- staff approval 

Describe the request 
https://www.google.co.uk/search?client=opera&rls=en&q=westlan&sourceid=opera&ie=
utf-8&oe=utf-8

The summary for westlan relates to mumble. Rejiggle the HTML
Also try and gets references to South West, Devon, Cornwall, Etc in meta tags 
and towards the top of the website. Lan party cornwall shouldn't bring up a 
dead lan party as the top link

URL: 
http://tydus.net/westlan/src/htdocs/gallery.php?mode=viewImage&filename=DSCF0013
.jpg&gallery=21
Describe the problem:

Clicked thumbnail in gallery minilymp and got error

Did you get an error message?

Error!

PHP display_errors is turned on, this is the full error message;
Message: Could not find the image in a scandir/search. This normally happens 
when there is a thumbnail, but not a full sized image.
Code: 0
Line: 59
File: /var/www/tydus.net/westlan/src/htdocs/includes/classes/Galleries.php
Stacktrace: ID  File    Line    Class   function call
1   /var/www/tydus.net/westlan/src/htdocs/gallery.php   127 Galleries   getPrevNext(, 
Array, , 9)

Trigger: Exception -> Exception

Customisable commission on paypal

URL: 
http://www.westlan.co.uk/viewGalleryImage.php?filename=Joe's-w-c-box.jpg&gallery
=17

Describe the problem:
When clicking through gallery encountered this message

Did you get an error message?

Message: Could not find the image in a scandir/search. This normally happens 
when there is a thumbnail, but not a full sized image.
Code: 0
Line: 95
File: /home/westlanc/public_html/includes/classes/Galleries.php
Stacktrace: ID  File    Line    Class   function call
1   /home/westlanc/public_html/viewGalleryImage.php 15  Galleries   getPrevNext(Joe\'
s-w-c-box.jpg, ItemGallery, , 46)

Trigger: Exception -> Exception

URL: [COPY THE URL FROM THE ADDRESS BAR IN YOUR BROWSER]

Describe the problem:

Clicking the big westlan logo in the top right links to "http://tydus.net/"

Did you get an error message?

[IF SO, COPY AND PASTE HERE]

Clicking the logo in the top right hand corner of a page took you to / instead 
of index.php. Fixed. 

URL: 
http://www.westlan.co.uk/viewGalleryImage.php?filename=P1060147.jpg&gallery=17

Describe the problem:

Not published image is published

Did you get an error message?

No error message

Confirmation for deleting events

Entering unrecognised email address into password recovery results in PHP puke

Error!

PHP display_errors is turned on, this is the full error message;
Message: FormResetPassword::process() did not self terminate
Code: 0
Line: 62
File: 
/var/www/tydus.net/westlan/src/htdocs/includes/classes/FormResetPassword.php
Stacktrace:

    ID  File    Line    Class   function call
    1   /var/www/tydus.net/westlan/src/htdocs/forgotPassword.php    9   FormResetPassword   process()

Trigger: Exception -> Exception

The banstick did not work. 

It does now. 

Reported by Neomancer.

URL: http://www.westlan.co.uk/updateSignup.php

Describe the problem:

Selecting a status of paid results in the user being left as signed up. The 
"Mark as paid" button also results in the user being booted back

Describe the request (feature request, change request, etc):

cool xcon type java count down timer till the next event... stick it below the 
main westlan logo at the top right?

It has been suggested that it be necessary to provide the previous password in 
order to set a new password. I disagree, because in order to change the 
password the session has already been compromised.

Describe the request (feature request, change request, etc):

http://tydus.net/westlan/src/htdocs/wpage.php?title=Sponsors

Clicking the links on this page doesn't work

Describe the request (feature request, change request, etc):

URL: http://www.westlan.co.uk/listGalleries.php

Galleries which are set to only be visible to Staff only are displayed like any 
other gallery (when logged in as staff). It would be useful if they were grayed 
out (as they are for individual photos which aren't published). It allows 
people to see at a glance what is public and what is not.

RSS Feed on news does not produce valid XML

Login sessions do not appear to last for 1 week

When making account and asking for a mobile number you can put letters in and 
still sumbit it. Should this not be just numbers?

URL: /signup.php

Describe the problem:

POST /signup.php HTTP/1.1
Host: www.westlan.co.uk
Connection: keep-alive
Content-Length: 535
Cache-Control: max-age=0
Origin: http://www.westlan.co.uk

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like 
Gecko) Chrome/21.0.1180.79 Safari/537.1

Content-Type: multipart/form-data; 
boundary=----WebKitFormBoundaryndTjAvk7kHgYT2u9

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Referer: http://www.westlan.co.uk/signup.php?event=62

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-GB,en-US;q=0.8,en;q=0.6

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Cookie: lpsUser=6a23056bbdbde8d0e945173151e9a011; 
__utma=101417735.2036285972.1345108610.1345108610.1345108610.1; 
__utmb=101417735.10.10.1345108610; __utmc=101417735; 
__utmz=101417735.1345108610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)



------WebKitFormBoundaryndTjAvk7kHgYT2u9

Content-Disposition: form-data; name="user"



835

------WebKitFormBoundaryndTjAvk7kHgYT2u9

Content-Disposition: form-data; name="event"



62

------WebKitFormBoundaryndTjAvk7kHgYT2u9

Content-Disposition: form-data; name="status"



SIGNEDUP

------WebKitFormBoundaryndTjAvk7kHgYT2u9

Content-Disposition: form-data; name="comment"



CSRF Vuns

------WebKitFormBoundaryndTjAvk7kHgYT2u9

Content-Disposition: form-data; name="submit"



signup

------WebKitFormBoundaryndTjAvk7kHgYT2u9--

HTTP/1.1 200 OK

Date: Thu, 16 Aug 2012 09:18:02 GMT

Server: Apache

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Keep-Alive: timeout=1, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/html



295

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>

<head>
.<title>WestLAN - The South West Lan Party</title>

.<link rel = "shortcut icon" href = 
"resources/themes/airdale/images/favicon.gif" type = "image/gif" />
.<link rel = "stylesheet" href = 
"resources/themes/airdale/stylesheets/main.css" type = "text/css" />

..<meta http-equiv = "refresh" content = "3;url=viewEvent.php?id=62" />
.</head>

<body class = "minimal"><br /><div class = "box norm"><h2>Redirecting: You have 
been signed up.</h2><p>You are being redirected to <a href = 
"viewEvent.php?id=62">here</a>.</p></div>

11

</body>

</html>


=====

Just change
Content-Disposition: form-data; name="status"
SIGNEDUP

to

Content-Disposition: form-data; name="status"

PAID

And you're marked as paid

Also, if you set it to an unrecognised field, the value is accepted, but the 
signup pages die horrible

column ordering

Maintenance mode didn't do anything.

It does now - users will not be able to login. 

Reported by Neomancer

"Avatar does not update in Control Panel >> Profile page. It remains as a 
default picture.
http://tydus.net/westlan/src/htdocs/profile.php"

"http://tydus.net/westlan/src/htdocs/basket.php

the left basket doesn't add the ticket, it remains empty"

Reported by xorn

URL: 
http://tydus.net/westlan/src/htdocs/signup.php?&user=21&event=7&status=cancelled

Describe the problem:
Tried to cancel from a lan that has already happened from attendance menu.

Did you get an error message?
Error!

PHP display_errors is turned on, this is the full error message;
Message: 
Code: 0
Line: 17
File: /var/www/tydus.net/westlan/src/htdocs/signup.php
Stacktrace: Empty
Trigger: Exception -> PermissionsException

schedule can't add items because of duplicate form

The mark as paid link returns the user to a signed up status, not paid.

Documented "API" from an existing system has been provided by Wishy from 
WestLAN. 

URL: http://www.westlan.co.uk/viewEvent.php?id=62

Describe the problem:

The total signups are 43, but if you count the signups, you'll see 6 of these 
have cancelled, but are still included with the total count.

URL: http://www.westlan.co.uk/users.php

Did you get an error message?

Login as standard user account
Go to http://www.westlan.co.uk/users.php
Facepalm

URL: [COPY THE URL FROM THE ADDRESS BAR IN YOUR BROWSER]

Describe the problem:

when attempting to pay for tickets using paypal it tells me "Redirecting: 
Thanks, you will be marked as PAID by an admin when they receive the transfer 
from paypal". The site does not link to paypal for your to make payment 

Did you get an error message?

[IF SO, COPY AND PASTE HERE]

Popup menus on touch devices look aweful

URL: http://www.westlan.co.uk/

Describe the problem:

Set-Cookie: lpsUser=92bc76468966543f1e781a3c312fdb17; expires=Thu, 23-Aug-2012

Set-Cookie should include HttpOnly flag, as there is unlikely to be client side 
javascript which requires access to the session ID.
This provides increased protection against XSS, should some barstard manage to 
sneak one of those though...